Application Security Engineer

Canada

Applications have closed

CaseWare

Caseware is the leading global software provider for CPAs, auditors, risk and governance professionals. Reach new levels of productivity and efficiency today.

CaseWare is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages.
While you might not have heard of us (yet), over 36,000 accounting and audit professionals list CaseWare as a skill on their LinkedIn profiles!
As an Application Security Engineer at CaseWare, you’ll work with a team of security professionals on Secure Development Practices, Security Automation, Secure Software Development Pipelines, Vulnerability Assessments and Penetration Testing. You will be part of an Application Security Engineering team committed to software and services security for dozens of products and services across Desktop, AWS and Azure Cloud environments. There is plenty of opportunity to expand your exposure to technologies and security practices in many areas of personal interest. We’re looking for the right individuals to help us mature our Application Security posture and cloud platforms.
You’ll be reporting into: Travis Kay - Director of Information Security

What you will be doing:

  • Static Application Security Testing (SAST), reviewing security scan results and working closely with development teams to prioritize security vulnerabilities identified using a risk-based approach
  • Performing Dynamic Application Security Testing (DAST) and conducting penetration testing against CaseWare’s applications and services
  • Participate in and support application security reviews and threat modeling for product development.
  • Support and consult with product and development teams on application security and industry best practices.
  • Develop programs and/or scripts for automation tooling, working with architecture, development and operations stakeholders to enhance security tools and coverage in our CI/CD pipelines and deployed services
  • Assist in development of automated security testing tools to validate secure coding best practices, and enforce security policy and standards
  • Research, identify, administer and support application security analysis tools
  • Integrating security tools, standards, and processes into the software development life cycle (SDLC), including participating in DevOps / DevSecOps 
  • Lead application security framework and security technology improvement projects, be a champion for software security within the organization
  • Perform other application security or product security related activities or tasks as needed or directed

What you will be doing in the first 6-12 months

  • Come up to speed on team operations
  • Understand build pipelines in GitHub and security tooling: Dependabot, CodeQL, Anchor, Veracode, CIS controls
  • Participate in Secure Design Reviews
  • Participate in PR reviews for Security Findings
  • Participate in Vulnerability and Penetration Testing
  • Participate in Application Risk Assessments
  • Take full ownership and accountability of accepted projects 
  • Work with Risk and Compliance on evidence collection and possibly automated support
  • Support enhancement of security practices in application engineering within the team
  • Consult and recommend changes for maturity and coverage in our Secure SDLC processes
  • Possibly develop standards, guidelines and produce libraries related to information and application security needs for Authentication, Authorization and Accounting / Logging and Encryption

What you’ll bring

  • Minimum of 5 years related development and security experience
  • Hands-on experience working with one or more SAST, DAST and IAST tools such as Veracode, Burp Suite, OpenVAS, OWASP ZAP, Nmap, Dependency-Track, GitHub Advanced Security or similar tools
  • Candidates should have good verbal and written communication skills
  • Be a responsible, self-directed team player
  • An ability to mentor team members on soft and technical skills
  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and software security architecture)
  • Show professionalism and proficiency in all aspects of Software Development and Software Security 
  • Solid development skills in at least one supported programming language, and willingness to learn others: Java, C#, Go, Python, Ruby, JS/TypeScript
  • Positive attitude and authentic tendency toward cooperation and teamwork
  • You can demonstrate experience in application security concepts such as secure coding, design or development and industry application security standards and best practices
  • Willingness to develop strong relationships across various security and development and architecture teams. Focus on bringing about positive results, identify and communicate requirements effectively

Nice to have:

  • Experience with GitHub Advanced Security
  • AWS or Azure related certifications 
  • Security related certifications
  • Familiarity with a variety of development and testing tools, including: IntelliJ, Git, Jira, Confluence, Maven, New Relic, Jenkins, Cypress, Docker is highly desirable and preferred

About CaseWare

With a head office in Toronto, CaseWare is one of Canada's original Fintech companies, having led the industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages.
CaseWare's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.
With a recent strategic investment from Hg Capital in 2020, CaseWare is now in its next major growth phase as we double down on the people and products that have made CaseWare so successful to date.
One of CaseWare's core values is that we believe Our People Make Us Great and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at careers@caseware.com.
Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through Certn.co which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.

Tags: Analytics Application security Audits Automation AWS Azure Burp Suite C CI/CD Cloud CodeQL Compliance DAST DevOps DevSecOps Docker Encryption FinTech GitHub Java Jira Nmap OpenVAS OWASP Pentesting Product security Python Ruby SAST SDLC Security analysis TypeScript Veracode Vulnerabilities

Perks/benefits: Career development Team events

Region: North America
Country: Canada